watchguard SIP provider problem

Discussion in '3CX Phone System - General' started by aits, Nov 30, 2009.

Thread Status:
Not open for further replies.
  1. aits

    Joined:
    Oct 6, 2009
    Messages:
    12
    Likes Received:
    0
    I have problems configuring my watchguard.

    Watchguard is in routed mode, performing NAT.
    172.17.2.14 is LAN IP 3CX Server.
    Rules applied:
    From Any-External To publicIP->172 .17 .2 .14 udp : 5060
    From Any-External To publicIP->172 .17 .2 .14 tcp : 5090
    From Any-External To publicIP->172 .17 .2 .14 udp 9000-9007
    From Any-Trusted To Any-External tcp 0 (Any)

    2 problems:

    3Stars.net: calling from LAN phone no problem, calling to public phone number: nothing happens, also nothing in Traffic monitor
    weepee: same problem but also registration fails , support guys weepee always give me the same answer: ask your question on forum 3CX...not more...not very client friendly...

    Log extraction:

    11:34:46.031 [CM504004]: Registration succeeded for: 10002 @ 3Stars.Net - IT-Factory
    11:34:25.562 Registration attempt for L:10002(3Stars.Net - IT-Factory) is scheduled in 20 sec.
    11:34:25.156 [CM504005]: Registration failed for: 10002 @ 3Stars.Net - IT-Factory; Cause: 408 Request Timeout; internal
    11:33:53.406 [CM504003]: Sent registration request for 10002 @ 3Stars.Net - IT-Factory
    11:33:53.406 [CM504003]: Sent registration request for 10002 @ 3Stars.Net - IT-Factory
    11:31:45.343 [CM504007]: Next attempt to register 10003 @ Weepee - IT-Factory is scheduled in 10 minutes
    11:31:45.343 [CM504005]: Registration failed for: 10003 @ Weepee - IT-Factory; Cause: 408 Request Timeout; internal
    11:31:30.234 [CM504004]: Registration succeeded for: 10002 @ 3Stars.Net - IT-Factory
    11:31:09.468 Registration attempt for L:10002(3Stars.Net - IT-Factory) is scheduled in 20 sec.
    11:30:33.031 Registration attempt for L:10003(Weepee - IT-Factory) is scheduled in 40 sec.
    11:29:40.859 Registration attempt for L:10003(Weepee - IT-Factory) is scheduled in 20 sec.
    11:29:08.734 [CM504003]: Sent registration request for 10003 @ Weepee - IT-Factory
    11:22:54.218 [CM506004]: STUN request to STUN server 91 .208 .12 .90 :3478 has timed out; used Transport: 172.17.2.14:5060
    11:22:51.203 [CM506004]: STUN request to STUN server 91 .208 .12 .90 :3478 has timed out; used Transport: 172.17.2.14:5060
    11:22:48.187 [CM506004]: STUN request to STUN server 91 .208 .12 .90 :3478 has timed out; used Transport: 172.17.2.14:5060
    11:22:45.171 [CM506004]: STUN request to STUN server 91 .208 .12 .90 :3478 has timed out; used Transport: 172.17.2.14:5060
    11:22:42.156 [CM506004]: STUN request to STUN server 64 .69 .76 .21 :3478 has timed out; used Transport: 172.17.2.14:5060
    11:22:39.062 [CM506004]: STUN request to STUN server 64 .69 .76 .21 :3478 has timed out; used Transport: 172.17.2.14:5060
    11:22:35.984 [CM506004]: STUN request to STUN server 64 .69 .76 .21 :3478 has timed out; used Transport: 172.17.2.14:5060
    11:22:32.968 [CM506004]: STUN request to STUN server 64 .69 .76 .21 :3478 has timed out; used Transport: 172.17.2.14:5060
    11:22:29.953 [CM506001]: STUN request to resolve SIP external IP:port mapping is sent to STUN server 64 .69 .76 .21 :3478 over Transport 172 .17 .2 .14 :5060
     
  2. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,357
    Likes Received:
    224
    If 3cx isn't able to make an outgoing STUN request then you are off to a bad start. I'm not familiar with Watchguard, is it a program running on the same PC as 3CX? If it block all ports but the ones you've opened up then you may run into other issues as voice uses a number of other ports as well. What does the firewall test (from within 3CX) show?
     
  3. aits

    Joined:
    Oct 6, 2009
    Messages:
    12
    Likes Received:
    0
    wathguard is a seperate hardware firewall.

    since all tcp traffic from LAN to internet is open I don't see a reason why a connection with stun server can be made?
     
  4. jelliott52

    Joined:
    Oct 21, 2009
    Messages:
    28
    Likes Received:
    0
    Have you looked at the Watchguard's log files, maybe something in there will give some direction?

    Jay
     
  5. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,357
    Likes Received:
    224
    As a rule, you don't (shouldn't) have to open any special ports, beyond the regular ones, to get STUN to work. Can you PING the IP of the STUN server from the PC running 3CX? Have you tried a different STUN server, there are a number that you can use, even if just for testing.
     
Thread Status:
Not open for further replies.